2023-10-23 06:35:53 |
Erik Lönroth |
bug |
|
|
added bug |
2023-10-23 06:35:53 |
Erik Lönroth |
attachment added |
|
Screenshot from 2023-10-23 08-24-42.png https://bugs.launchpad.net/bugs/2040130/+attachment/5712396/+files/Screenshot%20from%202023-10-23%2008-24-42.png |
|
2023-10-23 06:38:09 |
Erik Lönroth |
description |
I was relating a haproxy:reverseproxy to the "juju-controller:swebsite" charm.
(See attached image)
The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit.
I was expecting the haproxy to be able to add those units as part of the config.
# Below the haprxy - There is shows that there are three units of the juju-controller.
juju show-unit haproxy/0
haproxy/0:
machine: "3"
opened-ports:
- 80/tcp
- 443/tcp
- 10000/tcp
public-address: 13.51.194.141
charm: ch:amd64/focal/haproxy-75
leader: true
life: alive
relation-info:
- relation-id: 1
endpoint: peer
related-endpoint: peer
application-data: {}
local-unit:
in-scope: true
data:
egress-subnets: 172.31.37.29/32
ingress-address: 172.31.37.29
private-address: 172.31.37.29
- relation-id: 2
endpoint: reverseproxy
related-endpoint: website
application-data: {}
related-units:
juju-controller/0:
in-scope: true
data:
egress-subnets: 172.31.19.33/32
hostname: 172.31.19.33
ingress-address: 172.31.19.33
port: "17070"
private-address: 172.31.19.33
juju-controller/1:
in-scope: true
data:
egress-subnets: 172.31.39.110/32
ingress-address: 172.31.39.110
private-address: 172.31.39.110
juju-controller/2:
in-scope: true
data:
egress-subnets: 172.31.8.39/32
ingress-address: 172.31.8.39
private-address: 172.31.8.39
# Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3.
frontend haproxy-0-443
bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3
default_backend app-controller
mode http
backend app-controller
mode http
balance leastconn
option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol
http-check expect status 101
server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check |
I was relating a haproxy:reverseproxy to the "juju-controller:swebsite" charm to achieve a ssl-termination for a juju controller setup in high-availability with three units.
(See attached image)
# The problem
The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. The other two units are not added to the config.
# Below the single haproxy unit - This shows that there are three units of the juju-controller.
juju show-unit haproxy/0
haproxy/0:
machine: "3"
opened-ports:
- 80/tcp
- 443/tcp
- 10000/tcp
public-address: 13.51.194.141
charm: ch:amd64/focal/haproxy-75
leader: true
life: alive
relation-info:
- relation-id: 1
endpoint: peer
related-endpoint: peer
application-data: {}
local-unit:
in-scope: true
data:
egress-subnets: 172.31.37.29/32
ingress-address: 172.31.37.29
private-address: 172.31.37.29
- relation-id: 2
endpoint: reverseproxy
related-endpoint: website
application-data: {}
related-units:
juju-controller/0:
in-scope: true
data:
egress-subnets: 172.31.19.33/32
hostname: 172.31.19.33
ingress-address: 172.31.19.33
port: "17070"
private-address: 172.31.19.33
juju-controller/1:
in-scope: true
data:
egress-subnets: 172.31.39.110/32
ingress-address: 172.31.39.110
private-address: 172.31.39.110
juju-controller/2:
in-scope: true
data:
egress-subnets: 172.31.8.39/32
ingress-address: 172.31.8.39
private-address: 172.31.8.39
# Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3.
frontend haproxy-0-443
bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3
default_backend app-controller
mode http
backend app-controller
mode http
balance leastconn
option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol
http-check expect status 101
server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check |
|
2023-10-23 17:15:29 |
Erik Lönroth |
description |
I was relating a haproxy:reverseproxy to the "juju-controller:swebsite" charm to achieve a ssl-termination for a juju controller setup in high-availability with three units.
(See attached image)
# The problem
The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. The other two units are not added to the config.
# Below the single haproxy unit - This shows that there are three units of the juju-controller.
juju show-unit haproxy/0
haproxy/0:
machine: "3"
opened-ports:
- 80/tcp
- 443/tcp
- 10000/tcp
public-address: 13.51.194.141
charm: ch:amd64/focal/haproxy-75
leader: true
life: alive
relation-info:
- relation-id: 1
endpoint: peer
related-endpoint: peer
application-data: {}
local-unit:
in-scope: true
data:
egress-subnets: 172.31.37.29/32
ingress-address: 172.31.37.29
private-address: 172.31.37.29
- relation-id: 2
endpoint: reverseproxy
related-endpoint: website
application-data: {}
related-units:
juju-controller/0:
in-scope: true
data:
egress-subnets: 172.31.19.33/32
hostname: 172.31.19.33
ingress-address: 172.31.19.33
port: "17070"
private-address: 172.31.19.33
juju-controller/1:
in-scope: true
data:
egress-subnets: 172.31.39.110/32
ingress-address: 172.31.39.110
private-address: 172.31.39.110
juju-controller/2:
in-scope: true
data:
egress-subnets: 172.31.8.39/32
ingress-address: 172.31.8.39
private-address: 172.31.8.39
# Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3.
frontend haproxy-0-443
bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3
default_backend app-controller
mode http
backend app-controller
mode http
balance leastconn
option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol
http-check expect status 101
server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check |
I was relating a haproxy:reverseproxy to the "juju-controller:website" charm to achieve a ssl-termination for a juju controller setup in high-availability with three units.
(See attached image)
# The problem
The juju-controller application has three units, but in the haproxy.cfg, there is only a single unit. The other two units are not added to the config.
# Below the single haproxy unit - This shows that there are three units of the juju-controller.
juju show-unit haproxy/0
haproxy/0:
machine: "3"
opened-ports:
- 80/tcp
- 443/tcp
- 10000/tcp
public-address: 13.51.194.141
charm: ch:amd64/focal/haproxy-75
leader: true
life: alive
relation-info:
- relation-id: 1
endpoint: peer
related-endpoint: peer
application-data: {}
local-unit:
in-scope: true
data:
egress-subnets: 172.31.37.29/32
ingress-address: 172.31.37.29
private-address: 172.31.37.29
- relation-id: 2
endpoint: reverseproxy
related-endpoint: website
application-data: {}
related-units:
juju-controller/0:
in-scope: true
data:
egress-subnets: 172.31.19.33/32
hostname: 172.31.19.33
ingress-address: 172.31.19.33
port: "17070"
private-address: 172.31.19.33
juju-controller/1:
in-scope: true
data:
egress-subnets: 172.31.39.110/32
ingress-address: 172.31.39.110
private-address: 172.31.39.110
juju-controller/2:
in-scope: true
data:
egress-subnets: 172.31.8.39/32
ingress-address: 172.31.8.39
private-address: 172.31.8.39
# Below the relevant sections from the haproxy-charm-generated haproxy.cfg file which shows only one server where there should be 3.
frontend haproxy-0-443
bind 0.0.0.0:443 ssl crt /var/lib/haproxy/certs no-sslv3
default_backend app-controller
mode http
backend app-controller
mode http
balance leastconn
option httpchk GET / HTTP/1.1\r\nHost:\ juju-apiserver\r\nConnection:\ Upgrade\r\nUpgrade:\ websocket\r\nSec-WebSocket-Key:\ aGFwcm94eQ==\r\nSec-WebSocket-Version:\ 13\r\nSec-WebSocket-Protocol:\ echo-protocol
http-check expect status 101
server juju-controller-0-17070 172.31.19.33:17070 ssl verify none check |
|